couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Anderson <>
Subject Re: Proposal for digital signatures of documents
Date Tue, 10 Mar 2009 22:27:13 GMT
On Tue, Mar 10, 2009 at 9:01 AM, Brian Candler <> wrote:
> Inventing new cryptosystems is dangerous. Why not an OpenPGP armored
> detached signature?
> {"hello":"world","signature":"-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQBJto4vlKln0Ovw7PARAlipAJ4tFqpJRikySLnynzbe6XxzIQ2PnACgipzl\n7qRjToRgvNXLdSEQ1V+aJEQ=\n=ykd/\n-----END
> Or else a binary detached signature, base64-encoded.

I found two candidate JS libs for doing the public key crypto in the browser:

MIT licensed but depends on Prototype. Should be easy to fix.
Incomplete - I think it only does decrypt. Code quality looks fine.

GPL, more feature complete, less browser-centric. Overall more
ready-to-go. Not sure I want to find out the hard way what happens
when you start mixing GPL code into applications that blur the
boundary between client and server. Maybe it doesn't matter, maybe
it's a pain.

Anyone else have other leads?

Chris Anderson

View raw message